Imported Upstream version 5.1.2

6 files changed, 20 insertions, 7 deletions

diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 53ff2eb4c..f0735294b 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -224,8 +224,6 @@ BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
 COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
 COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
 CPP = @CPP@
@@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
@@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
 pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@
 piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
 random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
@@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
 starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
 t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 18aa5ceca..cb02c663c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -471,7 +471,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
 				default:
 					ok = X509_EXTENSION_get_critical(ext) == 0 ||
 						 !lib->settings->get_bool(lib->settings,
-								"libstrongswan.x509.enforce_critical", TRUE);
+									"%s.x509.enforce_critical", TRUE, lib->ns);
 					if (!ok)
 					{
 						DBG1(DBG_LIB, "found unsupported critical X.509 "
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index c43fe455a..b487d59a5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
 		goto error;
 	}
 
+	if (!EC_POINT_is_on_curve(group, point, ctx))
+	{
+		goto error;
+	}
+
 	ret = TRUE;
 error:
 	BN_CTX_end(ctx);
@@ -196,7 +201,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this,
 	 * http://www.rfc-editor.org/errata_search.php?eid=9
 	 */
 	x_coordinate_only = lib->settings->get_bool(lib->settings,
-							"libstrongswan.ecp_x_coordinate_only", TRUE);
+									"%s.ecp_x_coordinate_only", TRUE, lib->ns);
 	if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only))
 	{
 		goto error;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ff2508609..f4aef8200 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -522,7 +522,7 @@ plugin_t *openssl_plugin_create()
 	int fips_mode;
 
 	fips_mode = lib->settings->get_int(lib->settings,
-						"libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
+							"%s.plugins.openssl.fips_mode", FIPS_MODE, lib->ns);
 #ifdef OPENSSL_FIPS
 	if (fips_mode)
 	{
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 036f53d23..10a35c1fd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -558,7 +558,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 	if (!engine_id)
 	{
 		engine_id = lib->settings->get_str(lib->settings,
-						"libstrongswan.plugins.openssl.engine_id", "pkcs11");
+							"%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
 	}
 	engine = ENGINE_by_id(engine_id);
 	if (!engine)
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 24b12d50c..7a5b206dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1012,7 +1012,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
 				default:
 					ok = X509_EXTENSION_get_critical(ext) == 0 ||
 						 !lib->settings->get_bool(lib->settings,
-								"libstrongswan.x509.enforce_critical", TRUE);
+									"%s.x509.enforce_critical", TRUE, lib->ns);
 					if (!ok)
 					{
 						char buf[80] = "";